第22卷第9期2023年9月Vol.22No.9Sept.2023软件导刊SoftwareGuide基于半监督引导的网络APT检测知识图谱构建王梦瑶,杨婉霞,王巧珍,赵赛,熊磊(甘肃农业大学机电工程学院,甘肃兰州,730070)摘要:各国信息系统等重要设施的高级持续性威胁(APT)攻击愈发频繁,且APT具有针对性强、隐蔽性好、破坏性大等特点。为了高效检测APT攻击,提出一种基于知识库的APT攻击检测方案。首先,通过搜集大量开源APT威胁数据,提出一种基于深度学习级联模型结构的新型APT知识获取方法。然后,针对数据的多源异构性,提出一种半监督Bootstrap的知识融合方法,以自动构建APT知识图谱。接下来,针对APT攻击检测识别的准确性,提出一种基于Bert+BiLSTM+Self-Attention+CRF模型的APT攻击检测方案,Bert模型提取文本特征,BILSTM提取输入语句与上下文之间的关系,融合Self-Attention机制关注上下文中的语义及APT实体间的关系,CRF模型根据标签间的依赖关系提取全局最优的输出标签序列,以得到APT攻击命名实体。实验表明,Bert+BiLSTM+Self-Attention+CRF模型的准确率、召回率、F1值分别达到88.69%、77.13%和82.5%,整体性能相较于现有方法更优。关键词:知识图谱;高级持续威胁;深度学习;APT攻击DOI:10.11907/rjdk.222304开放科学(资源服务)标识码(OSID):中图分类号:TP391文献标识码:A文章编号:1672-7800(2023)009-0147-07KnowledgeGraphConstructionBasedaSemi-SupervisedBootstrapforNetworkAPTDetectionWANGMengyao,YANGWanxia,WANGQiaozhen,ZHAOSai,XIONGLei(SchoolofMechanicalandElectricalEngineering,GansuAgriculturalUniversity,Lanzhou730070,China)Abstract:Advancedpersistentthreat(APT)attacksonimportantfacilitiessuchasinformationsystemsinvariouscountriesarebecomingin⁃creasinglyfrequent,andAPThasthecharacteristicsofstrongtargeting,goodconcealment,andhighdestructivepower.Inordertoefficient⁃lydetectAPTattacks,aknowledge-basedAPTattackdetectionschemeisproposed.Firstly,bycollectingalargeamountofopen-sourceAPTthreatdata,anovelAPTknowledgeacquisitionmethodbasedondeeplearningcascadingmodelstructureisproposed.Then,aimingatthemulti-sourceheterogeneityofdata,asemisupervisedbootstrapknowledgefusionmethodisproposedtoautomaticallybuildtheAPTKnowledgegraph.Next,inordertoimp...
